Currently, many high-security environments require multiple-user control, typically two-person control (TPC). For example, a workstation containing sensitive information may require the presence of two authorized persons before access to the workstation is granted. Although TPC can be incorporated in new system designs by requiring authentication of a first and a second user before access to the system is granted, many existing systems do not provide for the authentication of two users. Because modifying these systems to provide TPC is burdensome, a common approach to implementing TPC is to use split passwords. In this approach, each pair of authorized users shares one account username and password. Each person in the pair is given a portion of the username and a portion of the password. To access the sensitive workstation, each individual in the pair must enter his or her portion of the username and portion of the password.

This split password approach enforces TPC only at the time of login. TPC is lost when one of the two authorized individuals walks away from the workstation and is no longer able to observe it. To prevent the loss of TPC, therefore, policies are established requiring both authorized users to maintain surveillance and control of the sensitive workstation. Many operations performed on a sensitive workstation under TPC require several hours to complete. Although no interaction with the system is required to keep such operations running, TPC policies require that the operators continue surveillance of the sensitive workstation until the operation is complete, to avoid interference with the sensitive process or tampering with the sensitive workstation by unauthorized users. Requirements that prevent users from walking away from the workstation lead to operational inefficiencies. For example, operations must be scheduled around personnel schedules, such as breaks and shift changes.
Screen lock/unlock features, available on some sensitive systems, can prevent tampering while allowing a user to walk away from the system as system processes continue. Thus, screen lock/unlock features can provide greater flexibility to systems that use a split password approach to TPC. For example, the screen lock feature may be enabled before the users walk away from the workstation. Upon their return, the user pair may re-enter the split username and password to regain access to the workstation. It is noted, however, that the unlock feature is available only to the original user pair that accessed the workstation and engaged the screen lock. Thus, if the original pair of users is no longer available, the workstation may need to be restarted in order to regain access, interrupting any operations and processes running on the workstation.
Another drawback of the current split password TPC approach is the significant administrative burden it imposes. Each pair of operators is provided a unique password. Because any operator may need to work with any other operator, a unique username and password must be created and split between every distinct pair of operators. For example, for six operators, the system administrator would need to create fifteen unique usernames and passwords.
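The split-credential scheme and its two limitations (the unlock is tied to the pair that opened the session, and one account is needed per operator pair) as an added Python model; this is illustrative code, not part of the original text, and the class name, operator names and generated credentials are constructed for the example.

```python
from itertools import combinations
import secrets


def account_count(n):
    """Accounts a split-password TPC scheme needs for n operators: one per pair."""
    return n * (n - 1) // 2


class SplitPasswordTPC:
    """Toy model of split-password TPC: one account per operator pair,
    each operator holding half of the username and half of the password."""

    def __init__(self, operators):
        self.accounts = {}  # username -> password
        self.pairs = {}     # frozenset({a, b}) -> (username, password)
        for a, b in combinations(operators, 2):
            # Constructed credentials: 8-char username, 16-char password.
            user, pw = secrets.token_hex(4), secrets.token_hex(8)
            self.accounts[user] = pw
            self.pairs[frozenset((a, b))] = (user, pw)
        self.session = None  # username of the logged-in pair, or None
        self.locked = False

    def shares(self, a, b):
        """The two portions handed out: a gets the first halves, b the second."""
        user, pw = self.pairs[frozenset((a, b))]
        return (user[:4], pw[:8]), (user[4:], pw[8:])

    def login(self, first, second):
        """Both portions must be entered, in order, to rebuild the credential."""
        user = first[0] + second[0]
        if self.accounts.get(user) != first[1] + second[1]:
            return False
        self.session, self.locked = user, False
        return True

    def lock(self):
        """Lock the screen; processes keep running but no one may interact."""
        self.locked = self.session is not None
        return self.locked

    def unlock(self, first, second):
        """Only the pair that opened the session can unlock; any other pair is refused."""
        if not self.locked or first[0] + second[0] != self.session:
            return False
        if self.accounts[self.session] != first[1] + second[1]:
            return False
        self.locked = False
        return True
```

A pair other than the original one cannot unlock even with a valid credential of its own, which is exactly the situation that forces a restart in the text.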